{% for agent_config in ossec_agent_configs %}
<agent_config {{ agent_config.type }}="{{ agent_config.type_value }}">
  <syscheck>
{% if agent_config.type_value == "Linux" %}
    <restart_audit>yes</restart_audit>
{% for no_diff in agent_config.syscheck.no_diff %}
    <nodiff>{{ no_diff }}</nodiff>
{% endfor %}
{% endif %}
{% if agent_config.type_value == "Windows" %}
{% for registry_key in agent_config.syscheck.registry %}
{% if registry_key.arch is defined %}
    <windows_registry arch="{{ registry_key.arch }}">{{ registry_key.key }}</windows_registry>
{% else %}
    <windows_registry>{{ registry_key.key }}</windows_registry>
{% endif %}
{% endfor %}
{% for registry_ignore in agent_config.syscheck.registry_ignore %}
{% if registry_ignore.type is defined %}
    <registry_ignore type="{{ registry_ignore.type }}">{{ registry_ignore.key }}</registry_ignore>
{% else %}
    <registry_ignore>{{ registry_ignore.key }}</registry_ignore>
{% endif %}
{% endfor %}
    <windows_audit_interval>{{ agent_config.syscheck.win_audit_interval }}</windows_audit_interval>
{% endif %}
    <remove_old_diff>{{ agent_config.syscheck.remove_old_diff }}</remove_old_diff>
    <auto_ignore>{{ agent_config.syscheck.auto_ignore }}</auto_ignore>
    <alert_new_files>{{ agent_config.syscheck.alert_new_files }}</alert_new_files>
    <frequency>{{ agent_config.syscheck.frequency }}</frequency>
    <scan_on_start>{{ agent_config.syscheck.scan_on_start }}</scan_on_start>
    <disabled>{{ agent_config.syscheck.disable }}</disabled>
{% for directory in agent_config.syscheck.directories %}
    <directories check_all="yes" whodata="{% if directory.whodata is defined and directory.whodata == 'yes' %}yes{% else %}no{% endif %}">{{ directory.dirs }}</directories>
{% endfor %}
{% for ignore in agent_config.syscheck.ignore %}
    <ignore>{{ ignore }}</ignore>
{% endfor %}
  </syscheck>

{% for localfile in agent_config.localfiles %}
  <localfile>
    <log_format>{{ localfile.format }}</log_format>
{% if localfile.format == 'command' or localfile.format == 'full_command' %}
    <command>{{ localfile.command }}</command>
{% if localfile.alias is defined %}
    <alias>{{ localfile.alias }}</alias>
{% endif %}
{% if localfile.frequency is defined %}
    <frequency>{{ localfile.frequency }}</frequency>
{% endif %}
{% else %}
    <location>{{ localfile.location }}</location>
{% if localfile.format == 'eventchannel' %}
{% if localfile.only_future_events is defined %}
    <only-future-events>{{ localfile.only_future_events }}</only_future_events>
{% endif %}
{% if localfile.query is defined %}
    <query>{{ localfile.query }}</query>
{% endif %}
{% endif %}
{% endif %}
{% if localfile.format == 'json' and localfile.labels is defined %}
{% for key, value in localfile.labels.iteritems() %}
    <label key="{{ key }}">{{ value }}</label>
{% endfor %}
{% endif %}
{% if localfile.target is defined %}
    <target>{{ localfile.target }}</target>
{% endif %}
{% if localfile.out_format is defined %}
    <out_format>{{ localfile.out_format }}</out_format>
{% endif %}
  </localfile>
{% endfor %}

  <rootcheck>
    <disabled>{{ agent_config.rootcheck.disable }}</disabled>
    <scanall>{{ agent_config.rootcheck.scanall }}</scanall>
    <check_files>{{ agent_config.rootcheck.check_files }}</check_files>
    <check_trojans>{{ agent_config.rootcheck.check_trojans }}</check_trojans>
    <check_dev>{{ agent_config.rootcheck.check_dev }}</check_dev>
    <check_sys>{{ agent_config.rootcheck.check_sys }}</check_sys>
    <check_pids>{{ agent_config.rootcheck.check_pids }}</check_pids>
    <check_ports>{{ agent_config.rootcheck.check_ports }}</check_ports>
    <check_if>{{ agent_config.rootcheck.check_if }}</check_if>
    <frequency>{{ agent_config.rootcheck.frequency }}</frequency>
{% if agent_config.type_value == "Linux" %}
    <system_audit>/var/ossec/etc/shared/system_audit_rcl.txt</system_audit>
    <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
    <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
{% endif %}
{% if agent_config.type_value == "Windows" %}
    <check_winapps>{{ agent_config.rootcheck.check_winapps }}</check_winapps>
    <check_winaudit>{{ agent_config.rootcheck.check_winaudit }}</check_winaudit>
    <check_winmalware>{{ agent_config.rootcheck.check_winmalware }}</check_winmalware>
    <windows_audit>C:\Program Files (x86)\ossec-agent\shared\win_audit_rcl.txt</windows_audit>
    <windows_apps>C:\Program Files (x86)\ossec-agent\shared\win_applications_rcl.txt</windows_apps>
    <windows_malware>C:\Program Files (x86)\ossec-agent\shared\windows_malware.txt</windows_malware>
{% endif %}
    <skip_nfs>{{ agent_config.rootcheck.skip_nfs }}</skip_nfs>
  </rootcheck>

  <client_buffer>
    <disabled>{{ agent_config.client_buffer.disable }}</disabled>
    <queue_size>{{ agent_config.client_buffer.queue_size }}</queue_size>
    <events_per_second>{{ agent_config.client_buffer.events_per_sec }}</events_per_second>
  </client_buffer>

  <sca>
    <enabled>{{ agent_config.sca.enabled }}</enabled>
    <scan_on_start>{{ agent_config.sca.scan_on_start }}</scan_on_start>
    <interval>{{ agent_config.sca.interval }}</interval>
    <skip_nfs>{{ agent_config.sca.skip_nfs }}</skip_nfs>
    <policies>
{% for policy in agent_config.sca.policies %}
      <policy>{{ policy }}</policy>
{% endfor %}
    </policies>
  </sca>

  <wodle name="syscollector">
    <disabled>{{ agent_config.syscollector.disable }}</disabled>
    <interval>{{ agent_config.syscollector.interval }}</interval>
    <scan_on_start>{{ agent_config.syscollector.scan_on_start }}</scan_on_start>
{% if agent_config.type_value == "Windows" %}
    <hotfixes>{{ agent_config.syscollector.hotfixes }}</hotfixes>
{% endif %}
    <hardware>{{ agent_config.syscollector.hardware }}</hardware>
    <os>{{ agent_config.syscollector.os }}</os>
    <network>{{ agent_config.syscollector.network }}</network>
    <packages>{{ agent_config.syscollector.packages }}</packages>
    <ports all="no">{{ agent_config.syscollector.ports }}</ports>
    <processes>{{ agent_config.syscollector.processes }}</processes>
  </wodle>

  <wodle name="osquery">
    <disabled>{{ agent_config.osquery.disable }}</disabled>
    <run_daemon>{{ agent_config.osquery.run_daemon }}</run_daemon>
    <add_labels>{{ agent_config.osquery.add_labels }}</add_labels>
{% if agent_config.type_value == "Linux" %}
    <config_path>/etc/osquery/osquery.conf</config_path>
    <log_path>/var/log/osquery/osqueryd.results.log</log_path>
{% endif %}
{% if agent_config.type_value == "Windows" %}
    <bin_path>C:\Program Files\osquery\osqueryd</bin_path>
    <config_path>C:\Program Files\osquery\osquery.conf</config_path>
    <log_path>C:\Program Files\osquery\log\osqueryd.results.log</log_path>
{% endif %}
  </wodle>

{% if agent_config.type_value == "Linux" %}
  <wodle name="open-scap">
    <disabled>{{ agent_config.openscap.disable }}</disabled>
    <timeout>{{ agent_config.openscap.timeout }}</timeout>
    <interval>{{ agent_config.openscap.interval }}</interval>
    <scan-on-start>{{ agent_config.openscap.scan_on_start }}</scan-on-start>
    <content type="xccdf" path="/usr/share/xml/scap/ssg/content/ssg-{% if ansible_distribution == 'CentOS' %}centos{% elif ansible_distribution == 'RedHat' %}rhel{% endif %}{{ ansible_distribution_major_version }}-ds.xml">
      <profile>xccdf_org.ssgproject.content_profile_pci-dss</profile>
    </content>
  </wodle>
{% endif %}

{% if agent_config.type_value == "Linux" %}
  <wodle name="docker-listener">
    <interval>{{ agent_config.docker.interval }}</interval>
    <attempts>{{ agent_config.docker.attempts }}</attempts>
    <run_on_start>{{ agent_config.docker.run_on_start }}</run_on_start>
    <disabled>{{ agent_config.docker.disable }}</disabled>
  </wodle>
{% endif %}
</agent_config>
{% endfor %}
